Density-Based Outlier Detection for Safeguarding Electronic Patient Record Systems

Boddy, A, Hurst, W, MacKay, M and El Rhalibi, A (2019) Density-Based Outlier Detection for Safeguarding Electronic Patient Record Systems. IEEE Access. ISSN 2169-3536

08672058.pdf - Accepted Version


This research concerns the detection of abnormal data usage and unauthorised access in large-scale critical networks, specifically healthcare infrastructures. Hospitals in the UK are now connecting their traditionally isolated equipment on a large scale to Internet-enabled networks to enable remote data access. This step-change makes sensitive data accessible to a broader spectrum of users. The focus of this research is on the safeguarding of Electronic Patient Record (EPR) systems in particular. With over 83% of hospitals adopting EPRs, access to this healthcare data needs to be proactively monitored for malicious activity. Hospitals must maintain patient trust and ensure that the information security principles of Integrity, Availability and Confidentiality are applied to EPR data. Access to EPR is often heavily audited within healthcare infrastructures. However, this data is regularly left untouched in a data silo and only ever accessed on an ad hoc basis. Without proactive monitoring of audit records, data breaches may go undetected. In addition, external threats, such as phishing or social engineering techniques to acquire a clinician’s logon credentials, need to be identified. Data behaviour within healthcare infrastructures therefore needs to be proactively monitored for malicious, erratic or unusual activity. This paper presents a system that employs a density-based local outlier detection model. The system is intended to add to the defence-in-depth of healthcare infrastructures. Patterns in EPR data are extracted to profile user behaviour and device interactions in order to detect and visualize anomalous activities. The system is able to detect 144 anomalous behaviours in an unlabelled dataset of 1,007,727 audit logs. This includes 0.66% of the users on the system, 0.17% of patient record accesses, 0.74% of routine accesses, and 0.53% of the devices used in a specialist Liverpool (UK) hospital.

Item Type: Article
Additional Information: © 2019 Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works
Subjects: Q Science > QA Mathematics > QA76 Computer software; R Medicine > RA Public aspects of medicine
Divisions: Computer Science & Mathematics
Publisher: IEEE
Date Deposited: 25 Mar 2019 11:20
Last Modified: 04 Sep 2021 01:54
DOI or ID number: 10.1109/ACCESS.2019.2906503
URI: https://researchonline.ljmu.ac.uk/id/eprint/10389